🔥 删除密码字段

README.md

@@ -50,7 +50,6 @@
 * SQL / JSON / Markdown 导出
 * 插件系统
 * Atom / RSS / Sitemap
-* MetaWeblog API
 * CDN 静态资源分离
 * [GitHub 集成](https://github.com/b3log/solo/issues/12514)
 

src/main/java/org/b3log/solo/processor/BlogProcessor.java

@@ -17,7 +17,6 @@
  */
 package org.b3log.solo.processor;
 
-import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang.StringUtils;
 import org.b3log.latke.Keys;
 import org.b3log.latke.Latkes;
@@ -36,13 +35,11 @@ import org.b3log.solo.service.*;
 import org.json.JSONArray;
 import org.json.JSONObject;
 
-import javax.servlet.http.HttpServletResponse;
-
 /**
  * Blog processor.
  *
  * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.3.1.7, Jan 28, 2019
+ * @version 1.3.1.8, Feb 7, 2019
  * @since 0.4.6
  */
 @RequestProcessor
@@ -111,11 +108,8 @@ public class BlogProcessor {
 
         jsonObject.put("recentArticleTime", articleQueryService.getRecentArticleTime());
         final JSONObject statistic = statisticQueryService.getStatistic();
-
-
-        // TODO: 重构数据统计计数 #12633
-        // jsonObject.put("articleCount", statistic.getLong(Option.ID_C_STATISTIC_PUBLISHED_ARTICLE_COUNT));
-        // jsonObject.put("commentCount", statistic.getLong(Option.ID_C_STATISTIC_PUBLISHED_BLOG_COMMENT_COUNT));
+        jsonObject.put("articleCount", statistic.getLong(Option.ID_T_STATISTIC_PUBLISHED_ARTICLE_COUNT));
+        jsonObject.put("commentCount", statistic.getLong(Option.ID_T_STATISTIC_PUBLISHED_BLOG_COMMENT_COUNT));
         jsonObject.put("tagCount", tagQueryService.getTagCount());
         jsonObject.put("servePath", Latkes.getServePath());
         jsonObject.put("staticServePath", Latkes.getStaticServePath());
@@ -157,24 +151,6 @@ public class BlogProcessor {
      */
     @RequestProcessing(value = "/blog/articles-tags", method = HttpMethod.GET)
     public void getArticlesTags(final RequestContext context) {
-        final String pwd = context.param("pwd");
-        if (StringUtils.isBlank(pwd)) {
-            context.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
-            return;
-        }
-
-        try {
-            final JSONObject admin = userQueryService.getAdmin();
-            if (!DigestUtils.md5Hex(pwd).equals(admin.getString(User.USER_PASSWORD))) {
-                context.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
-                return;
-            }
-        } catch (final Exception e) {
-            // ignored
-        }
-
         final JSONObject requestJSONObject = new JSONObject();
         requestJSONObject.put(Pagination.PAGINATION_CURRENT_PAGE_NUM, 1);
         requestJSONObject.put(Pagination.PAGINATION_PAGE_SIZE, Integer.MAX_VALUE);

src/main/java/org/b3log/solo/processor/OAuthGitHubProcessor.java

@@ -183,7 +183,6 @@ public class OAuthGitHubProcessor {
                 final JSONObject initReq = new JSONObject();
                 initReq.put(User.USER_NAME, userName);
                 initReq.put(User.USER_EMAIL, userEmail);
-                initReq.put(User.USER_PASSWORD, RandomStringUtils.randomAlphanumeric(8));
                 initReq.put(UserExt.USER_AVATAR, userAvatar);
                 initReq.put(UserExt.USER_T_B3_KEY, openId);
                 try {
@@ -207,7 +206,6 @@ public class OAuthGitHubProcessor {
                     final JSONObject addUserReq = new JSONObject();
                     addUserReq.put(User.USER_NAME, userName);
                     addUserReq.put(User.USER_EMAIL, userEmail);
-                    addUserReq.put(User.USER_PASSWORD, RandomStringUtils.randomAlphanumeric(8));
                     addUserReq.put(UserExt.USER_AVATAR, userAvatar);
                     addUserReq.put(User.USER_ROLE, Role.VISITOR_ROLE);
                     try {

src/main/java/org/b3log/solo/service/InitService.java

@@ -397,7 +397,6 @@ public class InitService {
      *                          {
      *                          "userName": "",
      *                          "userEmail": "",
-     *                          "userPassowrd": "", // Unhashed
      *                          "userAvatar": "" // optional
      *                          }
      * @throws Exception exception
@@ -410,7 +409,6 @@ public class InitService {
         admin.put(User.USER_EMAIL, requestJSONObject.getString(User.USER_EMAIL));
         admin.put(User.USER_URL, Latkes.getServePath());
         admin.put(User.USER_ROLE, Role.ADMIN_ROLE);
-        admin.put(User.USER_PASSWORD, DigestUtils.md5Hex(requestJSONObject.getString(User.USER_PASSWORD)));
         String avatar = requestJSONObject.optString(UserExt.USER_AVATAR);
         if (StringUtils.isBlank(avatar)) {
             avatar = Solos.getGravatarURL(requestJSONObject.getString(User.USER_EMAIL), "128");

src/main/java/org/b3log/solo/service/UserMgmtService.java

@@ -17,7 +17,6 @@
  */
 package org.b3log.solo.service;
 
-import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang.StringUtils;
 import org.b3log.latke.Keys;
 import org.b3log.latke.Latkes;
@@ -95,7 +94,6 @@ public class UserMgmtService {
      *                          "oId": "",
      *                          "userName": "",
      *                          "userEmail": "",
-     *                          "userPassword": "", // Unhashed
      *                          "userRole": "", // optional
      *                          "userURL": "", // optional
      * @throws ServiceException service exception
@@ -129,14 +127,6 @@ public class UserMgmtService {
             }
             oldUser.put(User.USER_NAME, userName);
 
-            final String userPassword = requestJSONObject.optString(User.USER_PASSWORD);
-            final boolean maybeHashed = HASHED_PASSWORD_LENGTH == userPassword.length();
-            final String newHashedPassword = DigestUtils.md5Hex(userPassword);
-            final String oldHashedPassword = oldUser.optString(User.USER_PASSWORD);
-            if (!maybeHashed || (!oldHashedPassword.equals(userPassword) && !oldHashedPassword.equals(newHashedPassword))) {
-                oldUser.put(User.USER_PASSWORD, newHashedPassword);
-            }
-
             final String userRole = requestJSONObject.optString(User.USER_ROLE);
             if (StringUtils.isNotBlank(userRole)) {
                 oldUser.put(User.USER_ROLE, userRole);
@@ -208,7 +198,6 @@ public class UserMgmtService {
      * @param requestJSONObject the specified request json object, for example,
      *                          "userName": "",
      *                          "userEmail": "",
-     *                          "userPassword": "", // Unhashed
      *                          "userURL": "", // optional, uses 'servePath' instead if not specified
      *                          "userRole": "", // optional, uses {@value Role#DEFAULT_ROLE} instead if not specified
      *                          "userAvatar": "" // optional, users generated gravatar url instead if not specified
@@ -251,9 +240,6 @@ public class UserMgmtService {
             }
             user.put(User.USER_NAME, userName);
 
-            final String userPassword = requestJSONObject.optString(User.USER_PASSWORD);
-            user.put(User.USER_PASSWORD, DigestUtils.md5Hex(userPassword));
-
             String userURL = requestJSONObject.optString(User.USER_URL);
             if (StringUtils.isBlank(userURL)) {
                 userURL = Latkes.getServePath();

src/main/java/org/b3log/solo/util/Solos.java

@@ -40,6 +40,7 @@ import org.b3log.solo.model.Common;
 import org.b3log.solo.model.Option;
 import org.b3log.solo.model.UserExt;
 import org.b3log.solo.repository.UserRepository;
+import org.b3log.solo.service.PreferenceQueryService;
 import org.json.JSONArray;
 import org.json.JSONObject;
 
@@ -302,10 +303,13 @@ public final class Solos {
                     break;
                 }
 
-                final String userPassword = user.optString(User.USER_PASSWORD);
-                final String token = cookieJSONObject.optString(Keys.TOKEN);
-                final String hashPassword = StringUtils.substringBeforeLast(token, ":");
-                if (userPassword.equals(hashPassword)) {
+                final PreferenceQueryService preferenceQueryService = BeanManager.getInstance().getReference(PreferenceQueryService.class);
+                final JSONObject preference = preferenceQueryService.getPreference();
+                final String b3Key = preference.optString(Option.ID_C_KEY_OF_SOLO);
+
+                final String tokenVal = cookieJSONObject.optString(Keys.TOKEN);
+                final String token = StringUtils.substringBeforeLast(tokenVal, ":");
+                if (StringUtils.equals(b3Key, token)) {
                     login(user, response);
 
                     return user;
@@ -327,22 +331,18 @@ public final class Solos {
      * Logins the specified user from the specified request.
      *
      * @param response the specified response
-     * @param user     the specified user, for example,
-     *                 {
-     *                 "userEmail": "",
-     *                 "userPassword": ""
-     *                 }
+     * @param user     the specified user
      */
     public static void login(final JSONObject user, final HttpServletResponse response) {
         try {
             final String userId = user.optString(Keys.OBJECT_ID);
             final JSONObject cookieJSONObject = new JSONObject();
             cookieJSONObject.put(Keys.OBJECT_ID, userId);
-            cookieJSONObject.put(User.USER_PASSWORD, user.optString(User.USER_PASSWORD));
-
-            final String random = RandomStringUtils.randomAlphanumeric(16);
-            cookieJSONObject.put(Keys.TOKEN, user.optString(User.USER_PASSWORD) + ":" + random);
-
+            final PreferenceQueryService preferenceQueryService = BeanManager.getInstance().getReference(PreferenceQueryService.class);
+            final JSONObject preference = preferenceQueryService.getPreference();
+            final String b3Key = preference.optString(Option.ID_C_KEY_OF_SOLO);
+            final String random = RandomStringUtils.randomAlphanumeric(8);
+            cookieJSONObject.put(Keys.TOKEN, b3Key + ":" + random);
             final String cookieValue = Crypts.encryptByAES(cookieJSONObject.toString(), COOKIE_SECRET);
             final Cookie cookie = new Cookie(COOKIE_NAME, cookieValue);
             cookie.setPath("/");

src/main/resources/repository.json

 {
   "description": "Description of repository structures, for generation of the relational database table and persistence validation.",
-  "version": "3.2.1.3, Feb 6, 2019",
+  "version": "3.2.1.4, Feb 7, 2019",
   "authors": [
     "Liang Ding"
   ],
@@ -125,7 +125,7 @@
           "name": "commentContent",
           "description": "评论内容",
           "type": "String",
-          "length": 2000
+          "length": 2048
         },
         {
           "name": "commentCreated",
@@ -401,12 +401,6 @@
           "type": "String",
           "length": 255
         },
-        {
-          "name": "userPassword",
-          "description": "用户密码，MD5",
-          "type": "String",
-          "length": 255
-        },
         {
           "name": "userRole",
           "description": "用户角色，管理员：adminRole，普通用户：defaultRole，访客用户：visitorRole",

src/test/java/org/b3log/solo/AbstractTestCase.java

@@ -27,7 +27,6 @@ import org.b3log.latke.repository.jdbc.util.Connections;
 import org.b3log.latke.repository.jdbc.util.JdbcRepositories;
 import org.b3log.latke.service.ServiceException;
 import org.b3log.latke.util.Crypts;
-import org.b3log.solo.processor.api.MetaWeblogAPI;
 import org.b3log.solo.cache.*;
 import org.b3log.solo.processor.MockDispatcherServlet;
 import org.b3log.solo.repository.*;
@@ -52,7 +51,7 @@ import java.util.Locale;
  * Abstract test case.
  *
  * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 3.0.0.0, Dec 5, 2018
+ * @version 3.0.0.1, Feb 7, 2019
  * @since 2.9.7
  */
 public abstract class AbstractTestCase {
@@ -124,7 +123,6 @@ public abstract class AbstractTestCase {
         final JSONObject requestJSONObject = new JSONObject();
         requestJSONObject.put(User.USER_EMAIL, "test@gmail.com");
         requestJSONObject.put(User.USER_NAME, "Admin");
-        requestJSONObject.put(User.USER_PASSWORD, "pass");
         initService.init(requestJSONObject);
         final UserQueryService userQueryService = getUserQueryService();
         Assert.assertNotNull(userQueryService.getUserByEmailOrUserName("test@gmail.com"));
@@ -141,9 +139,8 @@ public abstract class AbstractTestCase {
         final String userId = adminUser.optString(Keys.OBJECT_ID);
         final JSONObject cookieJSONObject = new JSONObject();
         cookieJSONObject.put(Keys.OBJECT_ID, userId);
-        cookieJSONObject.put(User.USER_PASSWORD, adminUser.optString(User.USER_PASSWORD));
         final String random = RandomStringUtils.randomAlphanumeric(16);
-        cookieJSONObject.put(Keys.TOKEN, adminUser.optString(User.USER_PASSWORD) + ":" + random);
+        cookieJSONObject.put(Keys.TOKEN, "pass:" + random);
         final String cookieValue = Crypts.encryptByAES(cookieJSONObject.toString(), Solos.COOKIE_SECRET);
         final Cookie cookie = new Cookie(Solos.COOKIE_NAME, cookieValue);
         request.setCookies(new Cookie[]{cookie});
@@ -487,9 +484,4 @@ public abstract class AbstractTestCase {
     public OptionQueryService getOptionQueryService() {
         return beanManager.getReference(OptionQueryService.class);
     }
-
-
-    public MetaWeblogAPI getMetaWeblogAPI() {
-        return beanManager.getReference(MetaWeblogAPI.class);
-    }
 }

src/test/java/org/b3log/solo/processor/MetaWeblogAPITestCase.java

-/*
- * Solo - A small and beautiful blogging system written in Java.
- * Copyright (c) 2010-2019, b3log.org & hacpai.com
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-package org.b3log.solo.processor;
-
-import org.apache.commons.lang.StringUtils;
-import org.b3log.solo.AbstractTestCase;
-import org.b3log.solo.MockHttpServletRequest;
-import org.b3log.solo.MockHttpServletResponse;
-import org.b3log.solo.processor.api.MetaWeblogAPI;
-import org.testng.Assert;
-import org.testng.annotations.Test;
-
-import java.io.BufferedReader;
-import java.io.StringReader;
-
-/**
- * {@link MetaWeblogAPI} test case.
- *
- * @author yugt
- * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.0.0.2, Oct 19, 2018
- * @since 1.7.0
- */
-@Test(suiteName = "api")
-public class MetaWeblogAPITestCase extends AbstractTestCase {
-
-    /**
-     * Init.
-     *
-     * @throws Exception exception
-     */
-    @Test
-    public void init() throws Exception {
-        super.init();
-    }
-
-    /**
-     * 手动构造rpc请求
-     *
-     * @throws Exception exception
-     */
-    @Test(dependsOnMethods = "init")
-    public void metaWeblog() throws Exception {
-        final MockHttpServletRequest request = mockRequest();
-        request.setRequestURI("/apis/metaweblog");
-        request.setMethod("POST");
-        final StringBuilder sb = new StringBuilder();
-        sb.append("<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>")
-                .append("<methodCall>")
-                .append("<methodName>metaWeblog.newPost</methodName>")
-                .append("<params>")
-                .append("<param>")
-                .append("<value><int>11</int></value>")
-                .append("</param>")
-                .append("<param>")
-                .append("<value><string>test@gmail.com</string></value>")
-                .append("</param>")
-                .append("<param>")
-                .append("<value><string>pass</string></value>")
-                .append("</param>")
-                .append("<param>")
-                .append("<value>")
-                .append("<struct>")
-                .append("<member>")
-                .append("<name>dateCreated</name>")
-                .append("<value><dateTime.iso8601>20040503T17:30:08</dateTime.iso8601></value>")
-                .append("</member>")
-                .append("<member>")
-                .append("<name>title</name>")
-                .append("<value><string>title</string></value>")
-                .append("</member>")
-                .append("<member>")
-                .append("<name>description</name>")
-                .append("<value><string>description</string></value>")
-                .append("</member>")
-                .append("<member>")
-                .append("<name>categories</name>")
-                .append("<value>")
-                .append("<array>")
-                .append("<data>")
-                .append("<value>")
-                .append("<string>Solo</string>")
-                .append("</value>")
-                .append("</data>")
-                .append("</array>")
-                .append("</value>")
-                .append("</member>")
-                .append("</struct>")
-                .append("</value>")
-                .append("</param>")
-                .append("<param>")
-                .append("<value><boolean>1</boolean></value>")
-                .append("</param>")
-                .append("</params>")
-                .append("</methodCall>");
-        final BufferedReader reader = new BufferedReader(new StringReader(sb.toString()));
-        request.setReader(reader);
-
-        final MockHttpServletResponse response = mockResponse();
-        mockDispatcherServletService(request, response);
-
-        final String content = response.body();
-        // System.out.println("xxxxxcontent:" + content);
-        Assert.assertTrue(StringUtils.startsWith(content, "<?xml version=\"1.0\""));
-    }
-
-    /**
-     * 使用XmlRpcClient发送rpc请求
-     *
-     * @throws Exception exception
-     */
-//    @Test(dependsOnMethods = "init")
-//    public void metaWeblog2() throws Exception {
-//    	final MetaWeblogAPI metaWeblogAPI = getMetaWeblogAPI();
-//        metaWeblogAPI.metaWeblog(null,null,null);
-//        
-//    	XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();  
-//        config.setServerURL(new URL("http://localhost:8080/solo/apis/metaweblog"));
-//        XmlRpcClient client = new XmlRpcClient();  
-//        client.setConfig(config);  
-//        Vector<Object> params= new Vector<Object>();
-//        params.add(1, 12);
-//        params.add(2, "gangtaoyu@gmail.com");
-//        params.add(3, "sky");
-//        params.add(4, new Struct());
-//        params.add(5, "publish");
-//        Integer result=(Integer)client.execute("metaWeblog.newPost",params);  
-//
-//        System.out.println(result);  
-//        
-//        
-//    }
-
-    class Struct {
-        String title = "title";
-        String link = "link";
-        String description = "description";
-        String author = "author";
-        String[] category = {"category1", "category2"};
-        String comments = "comments";
-        String enclosure = "enclosure";
-        String guid = "guid";
-        String pubDate = "pubDate";
-        String source = "source";
-    }
-
-}

src/test/java/org/b3log/solo/processor/console/UserConsoleTestCase.java

@@ -64,7 +64,6 @@ public class UserConsoleTestCase extends AbstractTestCase {
         final JSONObject requestJSON = new JSONObject();
         requestJSON.put(User.USER_NAME, "D");
         requestJSON.put(User.USER_EMAIL, "d@b3log.org");
-        requestJSON.put(User.USER_PASSWORD, "password");
         final BufferedReader reader = new BufferedReader(new StringReader(requestJSON.toString()));
         request.setReader(reader);
 

src/test/java/org/b3log/solo/repository/UserRepositoryImplTestCase.java

@@ -52,7 +52,6 @@ public final class UserRepositoryImplTestCase extends AbstractTestCase {
         final JSONObject another = new JSONObject();
         another.put(User.USER_NAME, "test1");
         another.put(User.USER_EMAIL, "test1@gmail.com");
-        another.put(User.USER_PASSWORD, "pass1");
         another.put(User.USER_URL, "https://b3log.org");
         another.put(User.USER_ROLE, Role.DEFAULT_ROLE);
         another.put(UserExt.USER_AVATAR, "");
@@ -66,7 +65,6 @@ public final class UserRepositoryImplTestCase extends AbstractTestCase {
         JSONObject admin = new JSONObject();
         admin.put(User.USER_NAME, "test");
         admin.put(User.USER_EMAIL, "test@gmail.com");
-        admin.put(User.USER_PASSWORD, "pass");
         admin.put(User.USER_URL, "https://b3log.org");
         admin.put(User.USER_ROLE, Role.ADMIN_ROLE);
         admin.put(UserExt.USER_AVATAR, "");
@@ -92,6 +90,6 @@ public final class UserRepositoryImplTestCase extends AbstractTestCase {
 
         final JSONObject found = userRepository.getByEmail("test1@gmail.com");
         Assert.assertNotNull(found);
-        Assert.assertEquals(found.getString(User.USER_PASSWORD), "pass1");
+        Assert.assertEquals(found.getString(User.USER_EMAIL), "test1@gmail.com");
     }
 }

src/test/java/org/b3log/solo/service/UserMgmtServiceTestCase.java

@@ -18,7 +18,6 @@
 package org.b3log.solo.service;
 
 import junit.framework.Assert;
-import org.apache.commons.codec.digest.DigestUtils;
 import org.b3log.latke.Keys;
 import org.b3log.latke.model.Role;
 import org.b3log.latke.model.User;
@@ -50,7 +49,6 @@ public class UserMgmtServiceTestCase extends AbstractTestCase {
 
         requestJSONObject.put(User.USER_NAME, "user1name");
         requestJSONObject.put(User.USER_EMAIL, "test1@gmail.com");
-        requestJSONObject.put(User.USER_PASSWORD, "pass1");
 
         final String id = userMgmtService.addUser(requestJSONObject);
         Assert.assertNotNull(id);
@@ -68,7 +66,6 @@ public class UserMgmtServiceTestCase extends AbstractTestCase {
         JSONObject requestJSONObject = new JSONObject();
         requestJSONObject.put(User.USER_NAME, "user2name");
         requestJSONObject.put(User.USER_EMAIL, "test2@gmail.com");
-        requestJSONObject.put(User.USER_PASSWORD, "pass2");
         requestJSONObject.put(User.USER_ROLE, Role.ADMIN_ROLE);
 
         final String id = userMgmtService.addUser(requestJSONObject);
@@ -81,17 +78,6 @@ public class UserMgmtServiceTestCase extends AbstractTestCase {
 
         Assert.assertEquals(getUserQueryService().getUser(id).getJSONObject(
                 User.USER).getString(User.USER_NAME), "user2newname");
-
-        // Do not update password
-        requestJSONObject.put(Keys.OBJECT_ID, id);
-        requestJSONObject.put(User.USER_NAME, "user2name");
-        requestJSONObject.put(User.USER_EMAIL, "test2@gmail.com");
-        requestJSONObject.put(User.USER_PASSWORD, "pass2");
-
-        userMgmtService.updateUser(requestJSONObject);
-
-        Assert.assertEquals(getUserQueryService().getUser(id).getJSONObject(
-                User.USER).getString(User.USER_PASSWORD), DigestUtils.md5Hex("pass2"));
     }
 
     /**
@@ -106,7 +92,6 @@ public class UserMgmtServiceTestCase extends AbstractTestCase {
         final JSONObject requestJSONObject = new JSONObject();
         requestJSONObject.put(User.USER_NAME, "user1 name");
         requestJSONObject.put(User.USER_EMAIL, "test1@gmail.com");
-        requestJSONObject.put(User.USER_PASSWORD, "pass1");
 
         try {
             final String id = userMgmtService.addUser(requestJSONObject);

src/test/java/org/b3log/solo/service/UserQueryServiceTestCase.java

@@ -48,7 +48,6 @@ public class UserQueryServiceTestCase extends AbstractTestCase {
 
         requestJSONObject.put(User.USER_NAME, "user1name");
         requestJSONObject.put(User.USER_EMAIL, "test1@gmail.com");
-        requestJSONObject.put(User.USER_PASSWORD, "pass1");
 
         final String id = userMgmtService.addUser(requestJSONObject);
         Assert.assertNotNull(id);